Saturday, November 23, 2024
Cybersecurity

Lapsus$ Continues to Infiltrate Companies and Tips on How to Detect Phishing Websites

How Lapsus$ Gains Access

by Artie Kaye

Even with the arrests made in the UK, Lapsus$ compromised the databases at Globant. The current understanding of how the group gains access to companies is through their technological supply chain. If a large company is doing business with a smaller one, Lapsus$ targets the smaller one to attempt to get credentials with the intent to gain access to the larger one. A takeaway from this is to have security measures in place for your staff. Social engineering is the number one method that hackers use to gain access to companies.

Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)


Browser-in-Browser Phishing

by Artie Kaye

Here’s some good news regarding a browser-in-browser phishing problem that has recently come to light. For those who don’t know, someone devised a way of mimicking the login popups that you can find on pages like Facebook or Google. The popup looks legitimate and even displays the proper web address. It is devious in that it evades all the traditional methods for determining if it is authentic or not. The good news is that two methods can help someone determine whether it is a real or fake request. The first is to right-click on the login window and try to inspect it in the browser. If it is real, you should be able to have the website code come up when doing this. If it’s fake, it may give a normal Windows program menu or no menu at all. Also, if the login box can be dragged outside the browser window, it is fake. Testing these two things will help keep you secure.

Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)